[U-Boot-Users] RFC: extended image formats
Jerry Van Baren
gerald.vanbaren at smiths-aerospace.com
Wed Feb 28 15:58:09 CET 2007
Josh Boyer wrote:
> On 2/27/07, Wolfgang Denk <wd at denx.de> wrote:
>> Hello,
>>
>> I'm trying to figure out what could be done to add (at least in some
>> cases) more information to U-Boot images.
>>
>> In this case, the existing CRC32 checksum is not sufficient;
>> therequirement is to use some stronger hashes (md5 or sha1) to verify
>> the correctness of the kernel and file system images.
>
> Just curious, but why isn't CRC32 sufficient exactly?
>
> josh
CRC32 is pretty weak with respect to:
* Multibit errors:
* It will detect all single bit errors - good
* It will detect all two bit errors up to a block size that
is dependent on the CRC length & polynomial (2KBytes for
CRC-32 IIRC, but I may recall incorrectly - much less than
a u-boot image size in any case) - bad
* It detects some multibit errors but not all of them - bad
* Cryptography: it is trivial (cryptographically speaking) to "fix
up" the CRC after changing something in the block it is
covering - very bad.
Ref:
<http://en.wikipedia.org/wiki/List_of_checksum_algorithms>
<http://en.wikipedia.org/wiki/Cyclic_redundancy_check>
HTH,
gvb
More information about the U-Boot
mailing list